The Internet has had a major impact on the way business is done. Few businesses would want to disconnect themselves from the Internet, but the current proliferation of active web pages is making it easier for hackers to penetrate systems.
It is possible to specify a fine-grained access policy. For example, the Java 1.2 specification allows a user to limit the access permission to files depending on the source of the applet. Unfortunately, this security depends on the applet being run through the Java byte code interpreter. Thus, these controls are not enforceable for native code, code written in languages such as C, C++, and Visual Basic, as often found in ActiveX controls.
One approach to providing the same kind of fine-grained control similar to the Java 1.2 specification is to modify the library commands used to access the resource to be protected. For example, to limit access to files, one could modify the file access library. Unfortunately, applications are currently not required to link with the modified library.
Unfortunately, there is currently no way to force an application to link with the modified library. A malicious hacker could write an ActiveX control that calls the operating system kernel directly or could statically link the code with a version of the library that doesn't enforce security.